
Re: tls ssl ftp connection over iptables



Greetings!

On Sun, 25 Apr 2004 14:17:45 +0200 Bastien Rocheron
<bastien.rocheron@free.fr> wrote:

> I have an iptables packet filter which does its job well, but when I
> decide to allow only TLS connections to the FTP server, people can
> connect to the server in active mode because I told the packet
> filter to let everything come through the FTP port, but just after the
> connection is made it hangs and nothing more happens. I suppose it's
> because of the data port, which is given randomly, and this one is
> encrypted, so the packet filter gets mad about it and drops the packets.

The FTP-conntrack can't look into the control channel and thus cannot
detect which data port will be used - thus no data port is ever opened.

One workaround would be to allow all outgoing connections and use
PASSIVE FTP...

Bye

Volker Tanger
ITK Security
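To make the failure mode concrete, here is an added example (not part of the original thread and not kernel code) that mimics in Python what the FTP conntrack helper (ip_conntrack_ftp, today nf_conntrack_ftp) does on the control channel: it scans the payload for a PORT command or a 227/229 reply and derives the data endpoint that a RELATED rule would then open. The sample control-channel lines and the fake TLS application-data record are constructed here; the passive port range 50000-50100 and the matching iptables rule are illustrative assumptions, not something the thread specifies.

```python
import hashlib
import re
from typing import NamedTuple, Optional


class DataEndpoint(NamedTuple):
    host: Optional[str]  # None for EPSV (data host is the control-connection peer)
    port: int
    source: str          # which FTP message the endpoint was parsed from


# RFC 959 "h1,h2,h3,h4,p1,p2" as used by the PORT command and the 227 reply.
_HP = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_RE = re.compile(rb"^PORT\s+" + _HP.encode() + rb"\s*$", re.I | re.M)
_PASV_RE = re.compile(rb"^227 .*?\(" + _HP.encode() + rb"\)", re.M)
# RFC 2428 EPSV reply: "229 Entering Extended Passive Mode (|||port|)"
_EPSV_RE = re.compile(rb"^229 .*?\(\|\|\|(\d{1,5})\|\)", re.M)


def _hp_to_endpoint(groups, source: str) -> Optional[DataEndpoint]:
    """Turn the six h1..h4,p1,p2 fields into host:port, rejecting out-of-range octets."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    return DataEndpoint(host, nums[4] * 256 + nums[5], source)


def extract_data_endpoint(payload: bytes) -> Optional[DataEndpoint]:
    """Mirror the conntrack helper's job: find the data-connection endpoint announced
    in plaintext control-channel traffic. Returns None when nothing parseable is
    present, which is exactly the situation once the control channel runs under TLS."""
    m = _PORT_RE.search(payload)
    if m:
        return _hp_to_endpoint(m.groups(), "PORT")
    m = _PASV_RE.search(payload)
    if m:
        return _hp_to_endpoint(m.groups(), "227")
    m = _EPSV_RE.search(payload)
    if m:
        return DataEndpoint(None, int(m.group(1)), "229")
    return None


def allowed_by_static_rule(ep: Optional[DataEndpoint],
                           pasv_range=(50000, 50100)) -> bool:
    """The helper-free workaround: pin the server's passive ports to a fixed range
    (assumed here to be 50000-50100, e.g. vsftpd pasv_min_port/pasv_max_port) and let
    the filter open that range statically, roughly:
        iptables -A INPUT -p tcp --dport 50000:50100 -m state --state NEW -j ACCEPT
    The filter then never needs to read the (encrypted) control channel."""
    return ep is not None and pasv_range[0] <= ep.port <= pasv_range[1]


# Constructed sample traffic. Plaintext lines as a client/server would send them;
# the "TLS record" is a fake TLS 1.0 application-data header plus opaque bytes.
PLAIN_PORT = b"PORT 192,168,1,10,195,80\r\n"                        # 195*256+80 = 50000
PLAIN_PASV = b"227 Entering Passive Mode (10,0,0,5,195,100).\r\n"    # 195*256+100 = 50020
PLAIN_EPSV = b"229 Entering Extended Passive Mode (|||50020|)\r\n"
TLS_RECORD = b"\x17\x03\x01\x00\x20" + hashlib.sha256(b"constructed").digest()


def demo() -> dict:
    """Run the helper over each sample and report what a firewall could learn."""
    return {
        name: extract_data_endpoint(data)
        for name, data in (("PORT", PLAIN_PORT), ("PASV", PLAIN_PASV),
                           ("EPSV", PLAIN_EPSV), ("TLS", TLS_RECORD))
    }


if __name__ == "__main__":
    for name, ep in demo().items():
        print(f"{name:5} -> {ep}  static-range ok: {allowed_by_static_rule(ep)}")
```

The plaintext samples yield an endpoint the helper could open; the TLS record yields nothing, so no RELATED entry is ever created and the data connection stalls exactly as Bastien describes. With a pinned passive range and a static ACCEPT rule, the check in allowed_by_static_rule passes for the server's passive ports without any helper inspecting the control channel.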


